PRIVACY & COOKIES POLICY

This Privacy & Cookies Policy describes the principles for processing personal data and using cookies and other technologies on the website: art2brand.eu.

1. Personal Data
The administrator of your personal data under data protection law is:
Patrycja Krześniak, operating a sole proprietorship under the name Art2Brand, NIP: 5242555974

Contact by email: kontakt@art2brand.eu

You may reach out using the above contact details for any questions related to data processing.

2. Definitions
• “Administrator” – Patrycja Krześniak, sole proprietor (Art2Brand), ul. Stanisława Rogalskiego 3/68, 03‑982 Warsaw, NIP 5242555974, email: kontakt@art2brand.eu.
• “Personal data” – information relating to an identified or identifiable natural person, including IP address, internet identifiers, and data collected via cookies and similar technologies.
• “Website” – the art2brand.eu domain and its subpages.
• “Policy” – this Privacy & Cookies Policy.
• “GDPR” – Regulation (EU) 2016/679 of April 27, 2016.
• “User” – any natural person using the services or functionalities described in this Policy.

3. General Provisions
When you visit art2brand.eu, email me, or use my services, you cause me to process your personal data as detailed in this Policy. Providing data is voluntary but may be required to use certain features or services. Data collected is limited to what is necessary. No Data Protection Officer is appointed due to lack of statutory requirement. Purposes, legal bases, and retention periods for data processing are provided separately for each purpose below.

You have the following rights with respect to your personal data:

1. Access, correction, deletion, or restriction of processing.
2. Obtain a copy of your data.
3. Object to data processing.
4. Data portability.
5. Withdraw consent to data processing.
6. Lodge a complaint with the supervisory authority (President of the Data Protection Authority).

These rights correspond to Articles 15–21 GDPR. However, I may refuse if fulfilling the request conflicts with a legitimate processing purpose. Providing data and consent is voluntary, and I only process data within the scope and timeframe for which you have given consent. After the retention period passes, I irreversibly delete or anonymize your data.
At any time you may update or delete your data. If you have questions or concerns, write to me at kontakt@art2brand.eu.

4. Security
I guarantee confidentiality and implement security measures required by data protection law. Personal data is collected and processed securely, preventing unauthorized access.

5. Data Processors
I entrust the processing of personal data to the following entities:

• dhosting.pl Sp. z o.o.
• LinkedIn platform
• Other social media channels

These entities ensure appropriate data protection measures. I may also share data with public authorities or legal professionals when legally required, or with technical/service partners.

6. Purposes & Processing Activities

a) Orders
When placing an order, you must provide personal data (name, email, phone, address, company name, NIP, bank account, etc.). This data is processed to:

• fulfill the order (Art. 6(1)(b) GDPR)
• issue invoice/accounting documents (Art. 6(1)(c) GDPR)
• include in my accounting records (Art. 6(1)(c) GDPR)
• archive and for statistical/legal protection purposes (Art. 6(1)(f) GDPR)

Order data is retained until the limitation period for claims expires, after which it may continue to be processed for statistics. Invoices with your data are stored for 5 years following the tax obligation year.

You cannot correct or object to order-related data until the claim limitation period expires. Afterward, you may object or request deletion if no legal grounds exist. Data portability is available (Art. 20 GDPR). Withdrawal of consent or objection does not affect past lawful processing.

b) Newsletter (LinkedIn)
By subscribing via LinkedIn, you provide your profile data. This is processed by LinkedIn based on your consent, only for newsletter dispatch. I obtain your data from LinkedIn Ireland from your public profile.

You can unsubscribe at any time, after which data is no longer processed. Data is processed until consent withdrawal or successful objection.

c) Email Contact
When you contact me via email (or form), I collect your sender email, name (if present), IP (optionally), and any other personal data in your message. This is necessary to establish contact. The email service provider is dhosting.pl Sp. z o.o., Al. Jerozolimskie 98, 00‑807 Warsaw.

Your data is processed to enable communication (Art. 6(1)(a) and (f) GDPR). After contact ends, data may be archived for internal records (Art. 6(1)(c) and (f) GDPR).

Data is stored as long as communication is expected. If archived, retention does not exceed the claim limitation period. You may request your correspondence history and/or deletion unless needed for my legal defense.

7. Cookies & Tracking Technologies
My site uses cookies (small text files) to ensure proper operation, improve speed and security, enhance features, run analytics, marketing, comments, embed YouTube videos, and social functions.

Consent: Upon your first visit, you are informed about cookies. Closing that notice equals consent, which you can withdraw at any time via browser settings or deleting cookies. Disabling cookies may impair site functionality.
First-party cookies: Used for site operation, order processes, and login functionality.
Third-party cookies: Provided by external services—used for analytics (Google Analytics), videos (YouTube), and social media (LinkedIn, Instagram, TikTok).

a) Analytics & Statistics
I use Google Analytics with anonymized, non-identifying data. Tracking code may use cookies or other tech. Google LLC participates in the EU‑US Privacy Shield as per European Commission findings.
You may opt out of Google tracking via the browser add-on available at Google’s opt-out page. More details can be found in Google’s own policy.

b) YouTube Embeds
Playing embedded YouTube videos authorizes Google cookies as per YouTube policy.

c) Social Media Tools
Social plugins connect your browser to social networks when used. If logged in, your visit may be linked to your profile; interactions may be shared to your network. See respective platforms’ privacy policies for details.

8. Server Logs
Server logs record IP, date/time, session, HTTP request details, browser/OS info, stored on the server.

These logs are not linked to specific individuals and are used only for admin, diagnostics, and server monitoring, accessible only to authorized persons.

9. Policy Changes
Art2Brand reserves the right to amend the policy as needed due to law or technology changes. The current version is always available at: art2brand.eu/en/privacy-policy.

10. Final Provisions
This Policy is protected under Polish copyright law (Feb 4, 1994). Any infringement may prompt legal action to protect said rights.